2017 © Pedro Peláez
 

library session-monster

A monster eating session cookies - works with Varnish + Laravel


haifanghui/session-monster


  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 6 Forks
  • 0 Open issues
  • 1 Versions
  • 0 % Grown

The README.md

sessionmonster

SessionMonster eats sessions in Laravel.

Why?

In theory, Varnish should always be caching all the traffic, if:

  • Response is a "function" of the current state
  • The state is defined solely by the request body

However, if the request sent to Varnish carries any session cookie (laravelsessionid=blahblah), Varnish cannot look into Laravel's session storage, so it has to pass all traffic for that request through to the backend, with no caching.

Varnish is also unable to cache a response from the web server if it comes back with a cookie.

Ideally, if there is no requirement for session storage, our application should not start a new session or load an existing one. If no new session is created, the web application should set no cookie. In that case, Varnish should be aggressively caching all the traffic.

The goal of this project is to delay setting the session cookie until doing so becomes meaningful.

For example, a new client (A) comes to http://www.haifanghui.com/ and then goes to http://www.haifanghui.com/a/ to view all the news about the Australian property market. During that whole process, no session cookie should be set in his browser. However, when A goes to http://www.haifanghui.com/login and logs in, a session should be created, since the user's ID would be stored in it.

How it works?

When SessionMonster registers itself through SessionMonsterServiceProvider, it injects a closure into Laravel's response hook. For each response, the closure figures out whether there is any valuable session data in the session storage.

When SessionMonster figures out there is no data in the session for a response, it sends an X-No-Session: yeah header with the response. The corresponding Varnish VCL section looks like this:

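    # Belongs in the backend-response subroutine
    # (vcl_fetch in Varnish 3, vcl_backend_response in Varnish 4 and later).
    if (beresp.http.X-No-Session ~ "yeah") {
        unset beresp.http.set-cookie;
    }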

This strips all cookies from the response if the X-No-Session header is yeah.
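One way the check behind the X-No-Session header could be written, as an added example that is not SessionMonster's own code. It also declines to mark a response whose body embeds the session's CSRF token, because stripping that cookie and caching the page would share one token between visitors. The function names, the list of bookkeeping keys and the sample data are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Assumption: keys the framework writes for its own bookkeeping, not user state.
const BOOKKEEPING_KEYS = ['_token', 'flash', '_flash'];

/** Hypothetical helper: true when no cookie is needed for this response. */
function sessionIsDisposable(array $session, string $body): bool
{
    foreach ($session as $key => $value) {
        if (in_array($key, BOOKKEEPING_KEYS, true)) {
            continue;
        }
        if ($value !== null && $value !== '' && $value !== []) {
            return false; // real per-user state, e.g. a logged-in user ID
        }
    }
    // A body that embeds the CSRF token depends on the session. Marking it
    // sessionless would let the cache share one token and drop its cookie.
    $token = $session['_token'] ?? '';
    return !(is_string($token) && $token !== '' && strpos($body, $token) !== false);
}

/** Adds the header the VCL rule matches on, only for disposable sessions. */
function withSessionHint(array $headers, array $session, string $body): array
{
    if (sessionIsDisposable($session, $body)) {
        $headers['X-No-Session'] = 'yeah';
    }
    return $headers;
}

// Constructed sample responses (not taken from a real site).
$token = 'constructed-token-123';
$cases = [
    'news page'  => [['_token' => $token], '<h1>News</h1>'],
    'login form' => [['_token' => $token], "<input name=\"_token\" value=\"$token\">"],
    'logged in'  => [['_token' => $token, 'user_id' => 42], '<h1>Hi</h1>'],
];
foreach ($cases as $name => [$session, $body]) {
    $headers = withSessionHint(['Content-Type' => 'text/html'], $session, $body);
    printf("%-10s X-No-Session: %s\n", $name, $headers['X-No-Session'] ?? '(not sent)');
}
```

Only the news page gets the header; the login form and the logged-in response keep their Set-Cookie and stay out of the shared cache.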

This project is used on the HaiFangHui.com production site, and it serves us pretty well.

The Versions

28/09 2014

dev-master

9999999-dev https://www.github.com/HaiFangHui/sessionmonster


LGPL-2.1

The Requires

 

laravel varnish session storage